Solved

Splunk - receiving data from univ. forwarder

Posted on 2015-01-11
7
157 Views
Last Modified: 2015-01-25
Hey experts! I am evaluating Splunk for a client. I have deployed the server piece and installed the universal forwarder onto a few Windows servers. I noticed the logs from these servers appeared to not be showing in search results.

I checked the splunkd file and the last line shows a successful connection to the Splunk server. During the install wizard of the univ forwarder, I just accepted the defaults.

Is there a configuration piece I am missing?
0
Comment
Question by:Schuyler Dorsey
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
7 Comments
 
LVL 10

Author Comment

by:Schuyler Dorsey
ID: 40543678
FYI the Univ. Forwarder sends the App, System and Security logs by default.
0
 
LVL 10

Author Comment

by:Schuyler Dorsey
ID: 40543687
I have an index created for wineventlog and msad. Just accepted defaults for these.
0
 
LVL 10

Author Comment

by:Schuyler Dorsey
ID: 40543708
I think I got it. After rebooting the indexer, some logs are appearing in search results. Will monitor to confirm resolution.
0
Increase your protection from Zero Day threats!

Running two Antivirus' is never a good idea.
Taking advantage of Multiple Security layers on the other hand can often save your hide.
See which top notch security software brands have been proven to happily coexist together.
Reduce your chances of becoming a statistic.

 
LVL 63

Expert Comment

by:btan
ID: 40545874
if you check the output.conf comments, it stated "# You must restart Splunk to enable configurations."

http://docs.splunk.com/Documentation/Splunk/6.2.1/Admin/Outputsconf

also it stated restart forwarder for some configuration changes.

http://docs.splunk.com/Documentation/Splunk/6.2.1/Forwarding/Deploymentoverview#General_configuration_issues
0
 
LVL 10

Accepted Solution

by:
Schuyler Dorsey earned 0 total points
ID: 40559577
I fixed this by adjusting my inputs.conf. My stanzas had an error in them.
0
 
LVL 63

Expert Comment

by:btan
ID: 40559710
thanks for sharing hope my post has help though
0
 
LVL 10

Author Closing Comment

by:Schuyler Dorsey
ID: 40569007
Correct answer.
0

Featured Post

Webinar May 25: Cloud Security Strategies for SMBs

Small and mid-sized businesses are a driving force behind cloud adoption, and it’s no wonder: cloud benefits are BIG.  But for all the convenience that moving to the cloud provides, where does security come into play?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Exchange in house vs office 365 for security 6 71
O365 and Multi Factor Authentication 1 64
How long to crack a 8 chars alphanumeric password 18 133
Windows 10 14 40
Ransomware continues to grow in reach and sophistication, putting data everywhere at risk. Learn how to avoid being caught in its sinister clutches with these 11 key tips.
Many of you may be aware of the recent Google Docs scam emails that have been floating around coming from various people that you know. Here's a guide on identifying How To Identify the Scam Email You will see an email from someone you’ve had co…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question